Oh.. Sorry for the misunderstanding… The hint http://sourceforge.net/p/packetfence/mailman/message/34280896/ worked for packetfence 5.2.x. -> Now, with 5.3.1 I have still the problem described below!
So I didn’t change the configuration back to default after upgrading to 5.3.1 .. ..for now I can’t test it because my radiusd doesn’t come up after "yum upgrade“ :/ .. But that’s another case.. Am [DATE] schrieb "heupink" <[ADDRESS]>: >Hi Dennis, > >Yes, I wanted to point you to this solution, and forgot. I'm sorry. > >So for you things work also, now? Nice, it's just so strange that >undocumented hacks are needed to get something (relatively common, i >think..) to work. > >I had also hoped that this bugfix in packetfence 5.3.0: >• Fixed incorrect RADIUS realm detection when using windows computer >authentication >would also solve that issue, but we still need the hack. > >Strange. > >MJ > > >On 8/11/2015 14:01, Dennis Schulmeyer wrote: >> Hi Louis, >> >> I’ve followed this hint >> http://sourceforge.net/p/packetfence/mailman/message/34280896/ to get >> machine accounts work properly.. >> So my configuration is: >> >> realm.conf >> >> [TESTDOMAIN] >> domain=TESTSERVER >> options=strip >> >> [TESTDOMAIN.COM] >> domain=TESTSERVER >> options=strip >> >> [NULL] >> domain=TESTSERVER >> options=nostrip >> >> >> domain.conf >> >> [TESTSERVER] >> bind_pass= >> dns_server=192.168.10.10 >> bind_dn=administrator >> workgroup=TESTDOMAIN >> ad_server=testserver.testdomain.com >> server_name=testserver >> dns_name=testdomain.com >> >> >> proxy.conf.inc >> >> # This file is generated from a template at >> /usr/local/pf/conf/radiusd/proxy.conf.inc >> # Any changes made to this file will be lost on restart >> >> realm TESTDOMAIN { >> strip >> } >> >> realm TESTDOMAIN.COM { >> strip >> } >> >> realm NULL { >> nostrip >> } >> >> >> Thanks in advance! >> >> Dennis >> >> Von: Louis Munro >> Antworten an: "[email protected] >> <mailto:[email protected]>" >> Datum: Mittwoch, 5. August 2015 17:49 >> An: "[email protected] >> <mailto:[email protected]>" >> Betreff: Re: [PacketFence-users] Auth: Login incorrect (mschap: External >> script says Reading winbind reply failed! (0xc0000001)) >> >> Looks to me like the domain is not correctly defined or you don’t have a >> default domain. >> >> Can you post conf/realm.conf, conf/domain.conf and raddb/proxy.conf.inc? >> >> -- >> Louis Munro >> [email protected] <mailto:[email protected]> :: www.inverse.ca >> <http://www.inverse.ca> >> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 >> Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) >> and PacketFence (www.packetfence.org <http://www.packetfence.org>) >> >> On Aug 5, 2015, at 11:23 , Dennis Schulmeyer <[email protected] >> <mailto:[email protected]>> wrote: >> >>> Wed Aug 5 17:12:20 2015 : Debug: [eap] EAP/mschapv2 >>> Wed Aug 5 17:12:20 2015 : Debug: [eap] processing type mschapv2 >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] # Executing group from >>> file /usr/local/pf/raddb//sites-enabled/packetfence-tunnel >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] +group MS-CHAP { >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if (PacketFence-Domain) >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ? Evaluating >>> (PacketFence-Domain) -> FALSE >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++? if >>> (PacketFence-Domain) -> FALSE >>> Wed Aug 5 17:12:20 2015 : Debug: [mschapv2] ++else else { >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Client is using MS-CHAPv2 >>> for host/PC001.testdomain.com <http://pc001.testdomain.com/>, we need >>> NT-Password >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: %{Stripped-User-Name} -> >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]... expanding second conditional >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>> %{mschap:User-Name:-None} -> PC001$ >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>> --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> >>> --username=PC001$ >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Creating challenge hash >>> with username: host/PC001.testdomain.com <http://pc001.testdomain.com/> >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>> --challenge=%{mschap:Challenge:-00} -> --challenge=008ed3fa50ed746a >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap]expand: >>> --nt-response=%{mschap:NT-Response:-00} -> >>> --nt-response=5ddae5e07d7a2dc1733531fce4eb8a772ad350309533952d >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] Exec: program returned: 1 >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] External script failed. >>> Wed Aug 5 17:12:20 2015 : Debug: [mschap] FAILED: MS-CHAP2-Response >>> is incorrect >> >> >> >> ------------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > >------------------------------------------------------------------------------ >_______________________________________________ >PacketFence-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
